Canonical has released a series of Ubuntu Security Notices (USNs) addressing critical vulnerabilities across key open-source packages, including MuPDF, Redis, Samba, and Apache Subversion. The updates mitigate risks ranging from denial-of-service attacks to potential remote code execution.
The latest batch of Ubuntu security advisories highlights several vulnerabilities fixed across multiple long-term support (LTS) releases, reinforcing the distribution’s ongoing commitment to stability and security.
MuPDF Vulnerabilities (USN-7825-1)
Multiple flaws were patched in MuPDF, the lightweight PDF and e-book rendering framework. The issues, which affect Ubuntu 16.04, 18.04, and 20.04 LTS, included memory leaks, segmentation faults, infinite loops, and use-after-free conditions. Attackers could exploit these weaknesses to trigger denial-of-service conditions or potentially leak sensitive data. Eight CVEs were addressed, ranging from CVE-2018-1000036 to CVE-2021-37220.
Redis and Redict Vulnerabilities (USN-7824-2, USN-7824-3)
Canonical also issued updates for Redis and its fork Redict after researchers Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered memory management flaws in Lua script handling. These issues could allow authenticated users to crash the database or execute arbitrary code remotely. The Redis and Redict updates bring the corresponding fixes to Ubuntu 22.04 LTS and earlier supported versions.
Samba Vulnerabilities (USN-7826-1)
Two critical issues were found in Samba, the open-source SMB/CIFS file and print server. CVE-2025-9640 involved uninitialized memory in the vfs_streams_xattr module, potentially exposing sensitive information. CVE-2025-10230, discovered by Igor Morgenstern, allowed arbitrary code execution through improper handling of WINS hook program names.
Apache Subversion Vulnerability (USN-7818-2)
A separate advisory fixed a flaw in Apache Subversion that could crash the system or corrupt repositories when processing filenames with control characters. The update applies to Ubuntu 18.04, 20.04, 22.04, and 24.04 LTS.
Canonical recommends all users apply these security updates promptly to maintain system integrity and reduce exposure to exploit risks.